Hi,

We are using Apache HttpClient to download files from a remote server. The files are encrypted, so we wrap a CipherOutputStream around the InputStream returned from HttpClient.
While doing this, we always see this error the first time and then at random times:

java.security.ProviderException: update() failed
    at sun.security.pkcs11.P11Cipher.implUpdate(P11Cipher.java:565)
    at sun.security.pkcs11.P11Cipher.engineUpdate(P11Cipher.java:464)
    at sun.security.pkcs11.P11Cipher.engineUpdate(P11Cipher.java:452)
    at javax.crypto.Cipher.update(DashoA13*..)
    at javax.crypto.CipherInputStream.a(DashoA13*..)
    at javax.crypto.CipherInputStream.read(DashoA13*..)
    at javax.crypto.CipherInputStream.read(DashoA13*..)
    at com.purato.eos.gcs.GcsClient.copyStream(GcsClient.java:762)
    at com.purato.eos.gcs.GcsClient.main(GcsClient.java:821)
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DATA_LEN_RANGE
    at sun.security.pkcs11.wrapper.PKCS11.C_DecryptUpdate(Native Method)
    at sun.security.pkcs11.P11Cipher.implUpdate(P11Cipher.java:549)
    ... 8 more

Here are some interesting findings:

1. This only happens when trying to decrypt a file being streamed remotely; the same file when fed from the file system is OK.
2. This problem does not happen when NSS is disabled and the default SUNJCE is used.
3. This problem does not happen when the remote file being streamed is small, i.e. < 692 bytes in my case.
4. Just a side note: HttpClient maintains keep-alive connections, so the first time it takes a couple of seconds for the first set of bytes to arrive, but in subsequent calls it is immediate, and maybe that is the reason it does not fail.
5. I wrapped the input stream returned by HttpClient to see what calls CipherInputStream is making to the underlying remote input stream, and there is no difference in the calls or the bytes returned. Just that at the first download, NSS errors out at 692 bytes, but after that it goes fine.
The debug logs are here; you will see "Read 2: length of bytes read: checksum of bytes".

Fri Mar 22 23:37:54 PDT 2013 5 Starting download: speedtest/abc.txt:/tmp/output.dat
Fri Mar 22 23:37:56 PDT 2013 Read 2 : 692:a0d6aab81bb78bd42766d21ec746d711
Fri Mar 22 23:37:56 PDT 2013 Available: 0
java.security.ProviderException: update() failed
Fri Mar 22 23:37:56 PDT 2013 Error: speedtest/abc.txt:/tmp/output.dat, java.security.ProviderException: update() failed
    at sun.security.pkcs11.P11Cipher.implUpdate(P11Cipher.java:565)
    at sun.security.pkcs11.P11Cipher.engineUpdate(P11Cipher.java:464)
    at sun.security.pkcs11.P11Cipher.engineUpdate(P11Cipher.java:452)
    at javax.crypto.Cipher.update(DashoA13*..)
    at javax.crypto.CipherInputStream.a(DashoA13*..)
    at javax.crypto.CipherInputStream.read(DashoA13*..)
    at javax.crypto.CipherInputStream.read(DashoA13*..)
    at com.purato.eos.gcs.GcsClient.copyStream(GcsClient.java:762)
    at com.purato.eos.gcs.GcsClient.main(GcsClient.java:821)
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DATA_LEN_RANGE
    at sun.security.pkcs11.wrapper.PKCS11.C_DecryptUpdate(Native Method)
    at sun.security.pkcs11.P11Cipher.implUpdate(P11Cipher.java:549)
    ... 8 more

Fri Mar 22 23:37:56 PDT 2013 5 Starting download: speedtest/abc.txt:/tmp/output.dat
Fri Mar 22 23:37:56 PDT 2013 Read 2 : 692:a0d6aab81bb78bd42766d21ec746d711
Fri Mar 22 23:37:56 PDT 2013 Available: 0
Fri Mar 22 23:37:56 PDT 2013 Read 2 : 12:1e4f9d783bdb99ac6e01b4a798d3c056
Fri Mar 22 23:37:56 PDT 2013 Available: 0
Fri Mar 22 23:37:56 PDT 2013 Read 2 : -1:d41d8cd98f00b204e9800998ecf8427e
Fri Mar 22 23:37:56 PDT 2013 File downloaded: speedtest/abc.txt:/tmp/output.dat, len: 688

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto